Security Basics mailing list archives

RE: What to look at, source or destination port?


From: "Vachon, Scott" <Scott.Vachon () paymentech com>
Date: Wed, 23 Jul 2003 11:34:18 -0400


UDP is not a connection-oriented protocol as TCP is, so it is more difficult 
to track it by means of a firewall (i.e. it's quite difficult to find out which 
peer is the origin of the communication). You should determine if there are 
more entries in the logs like those, group them by source port and see if
the destination port is the same.
Anyway, it's a good practice to allow to pass through the firewall only 
packets belonging to well known UDP protocols.

I beg to differ on "good practice to allow to pass through the firewall only 
packets belonging to well known UDP protocols." It is "good practice" on a firewall to DENY everything and then open 
only what is needed. Also, one could use a sniffer either outside of or inside of the firewall to capture traffic on 
the network.

Disclaimer: My 2 cents.

~S~
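
As an added illustration of the log triage suggested in the quoted text above (grouping UDP entries by source port and checking whether the destination port stays the same), here is a small Python script that is not part of the original thread. The log lines and their iptables-style LOG format are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample firewall log lines (not from the original thread); the
# iptables-style LOG format is assumed here for illustration.
SAMPLE_LOG = """\
Jul 23 11:30:01 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=UDP SPT=1024 DPT=137
Jul 23 11:30:02 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.11 PROTO=UDP SPT=1024 DPT=137
Jul 23 11:30:03 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.12 PROTO=UDP SPT=1024 DPT=137
Jul 23 11:30:04 fw kernel: DROP IN=eth0 SRC=198.51.100.5 DST=192.0.2.10 PROTO=UDP SPT=53 DPT=33421
Jul 23 11:30:05 fw kernel: DROP IN=eth0 SRC=198.51.100.5 DST=192.0.2.10 PROTO=UDP SPT=53 DPT=33422
Jul 23 11:30:06 fw kernel: DROP IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=4455 DPT=80
"""

LINE_RE = re.compile(r"SRC=(\S+) DST=(\S+) PROTO=(\S+) SPT=(\d+) DPT=(\d+)")


def parse_udp_entries(text):
    """Return (src, dst, spt, dpt) for each UDP entry; TCP and unparsable lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m and m.group(3) == "UDP":
            src, dst, _, spt, dpt = m.groups()
            entries.append((src, dst, int(spt), int(dpt)))
    return entries


def group_by_source_port(text):
    """Group UDP entries by (source host, source port), as the quoted advice suggests,
    and say for each group whether the destination port stays the same. A source port
    below 1024 is a well-known service port, one hint that the remote side may be
    replying rather than initiating; the log alone cannot settle that for UDP."""
    groups = defaultdict(lambda: {"count": 0, "dst_hosts": set(), "dst_ports": set()})
    for src, dst, spt, dpt in parse_udp_entries(text):
        g = groups[(src, spt)]
        g["count"] += 1
        g["dst_hosts"].add(dst)
        g["dst_ports"].add(dpt)
    return {
        key: {
            "count": g["count"],
            "dst_hosts": len(g["dst_hosts"]),
            "same_dst_port": len(g["dst_ports"]) == 1,
            "src_port_well_known": key[1] < 1024,
        }
        for key, g in groups.items()
    }
```

Running `group_by_source_port(SAMPLE_LOG)` separates the three entries from 203.0.113.7 (one source port, one destination port, three hosts) from the two source-port-53 entries whose destination ports vary.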